Open
Description
It seems that something is wrong with signing base Node images' tags on Docker Hub:
$ DOCKER_CONTENT_TRUST=1 docker pull node
Using default tag: latest
Pull (1 of 1): node:latest@sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b
sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b: Pulling from library/node
Digest: sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b
Status: Image is up to date for node@sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b
Tagging node@sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b as node:latest
$ docker images --digests node | grep latest
node latest sha256:f0b151a0f4226e67e40afddbc9e0a37e697f8eb32d5cd8b1a55d5b238f04581b 9ba05fbb174a 5 months ago 900MB
$ docker pull node
Using default tag: latest
latest: Pulling from library/node
Digest: sha256:cd932f9ff15650a908bf5982c7c0c5aa032d378edcc5cf179a3f7fc8bc8683ef
Status: Downloaded newer image for node:latest
$ docker images --digests node | grep latest
node latest sha256:6e64f63a663a368cc81b28ed3c3e29e6b3784c04f0128be5aaa659157ed4d231 7c412a558705 12 days ago 907MB
node latest sha256:cd932f9ff15650a908bf5982c7c0c5aa032d378edcc5cf179a3f7fc8bc8683ef 7c412a558705 12 days ago 907MB
As you can see the signed node:latest tag is outdated while the unsigned one is recent (and matches node:12.6.0).
(By the way, there seem to be two digests for the same image, hopefully that's fine?)
Also, it appears that the recent images have no signed counterparts:
$ DOCKER_CONTENT_TRUST=1 docker pull node:12.6.0
No valid trust data for 12.6.0
But images pushed roughly 5 months ago are still signed:
$ DOCKER_CONTENT_TRUST=1 docker pull node:10.15
Pull (1 of 1): node:10.15@sha256:7050e0dffc069c9f2e8dedcd255d7e57d87bebf33d6a5d97bd4905fb2333db8c
sha256:7050e0dffc069c9f2e8dedcd255d7e57d87bebf33d6a5d97bd4905fb2333db8c: Pulling from library/node
Digest: sha256:7050e0dffc069c9f2e8dedcd255d7e57d87bebf33d6a5d97bd4905fb2333db8c
Status: Image is up to date for node@sha256:7050e0dffc069c9f2e8dedcd255d7e57d87bebf33d6a5d97bd4905fb2333db8c
Tagging node@sha256:7050e0dffc069c9f2e8dedcd255d7e57d87bebf33d6a5d97bd4905fb2333db8c as node:10.15
Metadata
Metadata
Assignees
Labels
No labels